github
diff --git a/‎javascript/ql/lib/semmle/javascript/DynamicPropertyAccess.qll
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/lib/semmle/javascript/DynamicPropertyAccess.qll
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/lib/semmle/javascript/StandardLibrary.qll
Lines changed: 1 addition & 7 deletions b/‎javascript/ql/lib/semmle/javascript/StandardLibrary.qll
Lines changed: 1 addition & 7 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
Lines changed: 21 additions & 82 deletions b/‎javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
Lines changed: 21 additions & 82 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll
Lines changed: 5 additions & 18 deletions b/‎javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSExpressions.qll
Lines changed: 5 additions & 18 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/frameworks/AsyncPackage.qll
Lines changed: 7 additions & 23 deletions b/‎javascript/ql/lib/semmle/javascript/frameworks/AsyncPackage.qll
Lines changed: 7 additions & 23 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll
Lines changed: 8 additions & 38 deletions b/‎javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll
Lines changed: 8 additions & 38 deletions
@@ -14,7 +14,7 @@ private import semmle.javascript.dataflow.internal.FlowSteps
 SourceNode getAnEnumeratedArrayElement(SourceNode array) {
   exists(MethodCallNode call, string name |
     call = array.getAMethodCall(name) and
-    (name = "forEach" or name = "map") and
+    (name = ["forEach", "map"]) and
     result = call.getCallback(0).getParameter(0)
   )
   or
 
@@ -55,13 +55,7 @@ private class ArrayIterationCallbackAsPartialInvoke extends DataFlow::PartialInv
     getNumArgument() = 2 and
     // Filter out library methods named 'forEach' etc
     not DataFlow::moduleImport(_).flowsTo(getReceiver()) and
-    exists(string name | name = getMethodName() |
-      name = "filter" or
-      name = "forEach" or
-      name = "map" or
-      name = "some" or
-      name = "every"
-    )
+    getMethodName() = ["filter", "forEach", "map", "some", "every"]
   }
 
   override DataFlow::Node getBoundReceiver(DataFlow::Node callback) {
 
@@ -177,15 +177,10 @@ class ModuleApiCallDependencyInjection extends DependencyInjection {
    * This method excludes the method names that are also present on the AngularJS '$provide' object.
    */
   private int injectableArgPos() {
-    (
-      methodName = "directive" or
-      methodName = "filter" or
-      methodName = "controller" or
-      methodName = "animation"
-    ) and
+    methodName = ["directive", "filter", "controller", "animation"] and
     result = 1
     or
-    (methodName = "config" or methodName = "run") and
+    methodName = ["config", "run"] and
     result = 0
   }
 
@@ -199,64 +194,17 @@ class ModuleApiCallDependencyInjection extends DependencyInjection {
  * (cf. https://docs.angularjs.org/api/ng/directive/).
  */
 private predicate builtinDirective(string name) {
-  name = "ngApp" or
-  name = "ngBind" or
-  name = "ngBindHtml" or
-  name = "ngBindTemplate" or
-  name = "ngBlur" or
-  name = "ngChange" or
-  name = "ngChecked" or
-  name = "ngClass" or
-  name = "ngClassEven" or
-  name = "ngClassOdd" or
-  name = "ngClick" or
-  name = "ngCloak" or
-  name = "ngController" or
-  name = "ngCopy" or
-  name = "ngCsp" or
-  name = "ngCut" or
-  name = "ngDblclick" or
-  name = "ngDisabled" or
-  name = "ngFocus" or
-  name = "ngForm" or
-  name = "ngHide" or
-  name = "ngHref" or
-  name = "ngIf" or
-  name = "ngInclude" or
-  name = "ngInit" or
-  name = "ngJq" or
-  name = "ngKeydown" or
-  name = "ngKeypress" or
-  name = "ngKeyup" or
-  name = "ngList" or
-  name = "ngMaxlength" or
-  name = "ngMinlength" or
-  name = "ngModel" or
-  name = "ngModelOptions" or
-  name = "ngMousedown" or
-  name = "ngMouseenter" or
-  name = "ngMouseleave" or
-  name = "ngMousemove" or
-  name = "ngMouseover" or
-  name = "ngMouseup" or
-  name = "ngNonBindable" or
-  name = "ngOpen" or
-  name = "ngOptions" or
-  name = "ngPaste" or
-  name = "ngPattern" or
-  name = "ngPluralize" or
-  name = "ngReadonly" or
-  name = "ngRepeat" or
-  name = "ngRequired" or
-  name = "ngSelected" or
-  name = "ngShow" or
-  name = "ngSrc" or
-  name = "ngSrcset" or
-  name = "ngStyle" or
-  name = "ngSubmit" or
-  name = "ngSwitch" or
-  name = "ngTransclude" or
-  name = "ngValue"
+  name =
+    [
+      "ngApp", "ngBind", "ngBindHtml", "ngBindTemplate", "ngBlur", "ngChange", "ngChecked",
+      "ngClass", "ngClassEven", "ngClassOdd", "ngClick", "ngCloak", "ngController", "ngCopy",
+      "ngCsp", "ngCut", "ngDblclick", "ngDisabled", "ngFocus", "ngForm", "ngHide", "ngHref", "ngIf",
+      "ngInclude", "ngInit", "ngJq", "ngKeydown", "ngKeypress", "ngKeyup", "ngList", "ngMaxlength",
+      "ngMinlength", "ngModel", "ngModelOptions", "ngMousedown", "ngMouseenter", "ngMouseleave",
+      "ngMousemove", "ngMouseover", "ngMouseup", "ngNonBindable", "ngOpen", "ngOptions", "ngPaste",
+      "ngPattern", "ngPluralize", "ngReadonly", "ngRepeat", "ngRequired", "ngSelected", "ngShow",
+      "ngSrc", "ngSrcset", "ngStyle", "ngSubmit", "ngSwitch", "ngTransclude", "ngValue"
+    ]
 }
 
 private newtype TDirectiveInstance =
@@ -676,10 +624,7 @@ private class JQLiteObject extends JQuery::ObjectSource::Range {
       )
     )
     or
-    exists(ServiceReference element |
-      element.getName() = "$rootElement" or
-      element.getName() = "$document"
-    |
+    exists(ServiceReference element | element.getName() = ["$rootElement", "$document"] |
       this = element.getAReference()
     )
   }
@@ -780,23 +725,17 @@ private class BuiltinServiceCall extends AngularJSCall {
 
   override predicate interpretsArgumentAsCode(Expr e) {
     exists(ScopeServiceReference scope, string methodName |
-      methodName = "$apply" or
-      methodName = "$applyAsync" or
-      methodName = "$eval" or
-      methodName = "$evalAsync" or
-      methodName = "$watch" or
-      methodName = "$watchCollection" or
-      methodName = "$watchGroup"
+      methodName =
+        [
+          "$apply", "$applyAsync", "$eval", "$evalAsync", "$watch", "$watchCollection",
+          "$watchGroup"
+        ]
     |
       call = scope.getAMethodCall(methodName) and
       e = call.getArgument(0)
     )
     or
-    exists(ServiceReference service |
-      service.getName() = "$compile" or
-      service.getName() = "$parse" or
-      service.getName() = "$interpolate"
-    |
+    exists(ServiceReference service | service.getName() = ["$compile", "$parse", "$interpolate"] |
       call = service.getACall() and
       e = call.getArgument(0)
     )
@@ -952,7 +891,7 @@ class ElementScope extends AngularScope, MkElementScope {
 DataFlow::SourceNode routeProviderRef() {
   result = builtinServiceRef("$routeProvider")
   or
-  exists(string m | m = "when" or m = "otherwise" | result = routeProviderRef().getAMethodCall(m))
+  exists(string m | m = ["when", "otherwise"] | result = routeProviderRef().getAMethodCall(m))
 }
 
 /**
 
@@ -277,24 +277,11 @@ private module Lexer {
     override string getPattern() {
       result =
         concat(string op |
-          op = "===" or
-          op = "!==" or
-          op = "==" or
-          op = "!=" or
-          op = "<=" or
-          op = ">=" or
-          op = "&&" or
-          op = "||" or
-          op = "*" or
-          op = "!" or
-          op = "=" or
-          op = "<" or
-          op = ">" or
-          op = "+" or
-          op = "-" or
-          op = "/" or
-          op = "%" or
-          op = "|"
+          op =
+            [
+              "===", "!==", "==", "!=", "<=", ">=", "&&", "||", "*", "!", "=", "<", ">", "+", "-",
+              "/", "%", "|"
+            ]
         |
           "\\Q" + op + "\\E", "|" order by op.length() desc
         )
 
@@ -103,25 +103,12 @@ module AsyncPackage {
 
     IterationCall() {
       this = memberVariant(name).getACall() and
-      (
-        name = "concat" or
-        name = "detect" or
-        name = "each" or
-        name = "eachOf" or
-        name = "forEach" or
-        name = "forEachOf" or
-        name = "every" or
-        name = "filter" or
-        name = "groupBy" or
-        name = "map" or
-        name = "mapValues" or
-        name = "reduce" or
-        name = "reduceRight" or
-        name = "reject" or
-        name = "some" or
-        name = "sortBy" or
-        name = "transform"
-      )
+      name =
+        [
+          "concat", "detect", "each", "eachOf", "forEach", "forEachOf", "every", "filter",
+          "groupBy", "map", "mapValues", "reduce", "reduceRight", "reject", "some", "sortBy",
+          "transform"
+        ]
     }
 
     /**
@@ -176,10 +163,7 @@ module AsyncPackage {
         pred = getLastParameter(iteratee).getACall().getArgument(i) and
         succ = final.getParameter(i) and
         exists(string name | name = call.getName() |
-          name = "concat" or
-          name = "map" or
-          name = "reduce" or
-          name = "reduceRight"
+          name = ["concat", "map", "reduce", "reduceRight"]
         )
       )
     }
 
@@ -81,44 +81,20 @@ module HTTP {
    */
   class RequestMethodName extends string {
     RequestMethodName() {
-      this = "CHECKOUT" or
-      this = "COPY" or
-      this = "DELETE" or
-      this = "GET" or
-      this = "HEAD" or
-      this = "LOCK" or
-      this = "MERGE" or
-      this = "MKACTIVITY" or
-      this = "MKCOL" or
-      this = "MOVE" or
-      this = "M-SEARCH" or
-      this = "NOTIFY" or
-      this = "OPTIONS" or
-      this = "PATCH" or
-      this = "POST" or
-      this = "PURGE" or
-      this = "PUT" or
-      this = "REPORT" or
-      this = "SEARCH" or
-      this = "SUBSCRIBE" or
-      this = "TRACE" or
-      this = "UNLOCK" or
-      this = "UNSUBSCRIBE"
+      this =
+        [
+          "CHECKOUT", "COPY", "DELETE", "GET", "HEAD", "LOCK", "MERGE", "MKACTIVITY", "MKCOL",
+          "MOVE", "M-SEARCH", "NOTIFY", "OPTIONS", "PATCH", "POST", "PURGE", "PUT", "REPORT",
+          "SEARCH", "SUBSCRIBE", "TRACE", "UNLOCK", "UNSUBSCRIBE"
+        ]
     }
 
     /**
      * Holds if this kind of HTTP request should be considered free of side effects,
      * such as for `GET` and `HEAD` requests.
      */
     predicate isSafe() {
-      this = "GET" or
-      this = "HEAD" or
-      this = "OPTIONS" or
-      this = "PRI" or
-      this = "PROPFIND" or
-      this = "REPORT" or
-      this = "SEARCH" or
-      this = "TRACE"
+      this = ["GET", "HEAD", "OPTIONS", "PRI", "PROPFIND", "REPORT", "SEARCH", "TRACE"]
     }
   }
 
@@ -477,13 +453,7 @@ module HTTP {
      * Headers are never considered third-party controllable by this predicate, although the
      * third party does have some control over the the Referer and Origin headers.
      */
-    predicate isThirdPartyControllable() {
-      exists(string kind | kind = getKind() |
-        kind = "parameter" or
-        kind = "url" or
-        kind = "body"
-      )
-    }
+    predicate isThirdPartyControllable() { getKind() = ["parameter", "url", "body"] }
   }
 
   /**
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ private import semmle.javascript.dataflow.internal.FlowSteps`
`14`	`14`	`SourceNode getAnEnumeratedArrayElement(SourceNode array) {`
`15`	`15`	`exists(MethodCallNode call, string name \|`
`16`	`16`	`call = array.getAMethodCall(name) and`
`17`		`- (name = "forEach" or name = "map") and`
	`17`	`+ (name = ["forEach", "map"]) and`
`18`	`18`	`result = call.getCallback(0).getParameter(0)`
`19`	`19`	`)`
`20`	`20`	`or`